Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6ff7d7-1edd-43c2-86cf-be4b06c5c42f/1/fj04IAgRtLyt8FxauXRHzCCY2dM.roa
File:                     fj04IAgRtLyt8FxauXRHzCCY2dM.roa (raw, json)
Hash identifier:          RQPUjLROTiuPGUSBn8RZIchppB8l2w9Yk7LM8XCFoI0=
Subject key identifier:   7E:3D:38:20:08:11:B4:BC:AD:F0:5C:5A:B9:74:47:CC:20:98:D9:D3
Certificate issuer:       /CN=1d72471e025de3a82a8df58aae6e12e31d6cd050
Certificate serial:       0197EE9FF0677CB7118611AC3DD401B736FA
Authority key identifier: 1D:72:47:1E:02:5D:E3:A8:2A:8D:F5:8A:AE:6E:12:E3:1D:6C:D0:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HXJHHgJd46gqjfWKrm4S4x1s0FA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6ff7d7-1edd-43c2-86cf-be4b06c5c42f/1/fj04IAgRtLyt8FxauXRHzCCY2dM.roa
Signing time:             Wed 09 Jul 2025 09:59:08 +0000
ROA not before:           Wed 09 Jul 2025 09:59:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56396
IP address blocks:        46.228.160.0/20 maxlen: 24
                          2001:678:cb4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6ff7d7-1edd-43c2-86cf-be4b06c5c42f/1/HXJHHgJd46gqjfWKrm4S4x1s0FA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6ff7d7-1edd-43c2-86cf-be4b06c5c42f/1/HXJHHgJd46gqjfWKrm4S4x1s0FA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HXJHHgJd46gqjfWKrm4S4x1s0FA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:9f:f0:67:7c:b7:11:86:11:ac:3d:d4:01:b7:36:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d72471e025de3a82a8df58aae6e12e31d6cd050
        Validity
            Not Before: Jul  9 09:59:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e3d38200811b4bcadf05c5ab97447cc2098d9d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a6:ec:73:6b:a2:7c:48:69:19:53:d3:75:de:
                    44:d8:0f:4f:5d:60:f6:31:46:d0:ea:b1:a9:18:9a:
                    d4:d0:55:bb:24:c2:a4:68:6c:62:a1:ae:c2:e5:93:
                    7b:00:9a:91:69:b8:a8:be:f2:dd:53:9a:92:c5:4e:
                    f2:c4:64:4f:20:26:1f:61:22:e7:bf:21:18:0b:8a:
                    10:ba:88:44:de:3b:57:a3:f6:b0:fb:e4:72:d6:36:
                    be:c8:02:fd:36:a6:41:53:7e:92:76:9c:90:cb:31:
                    c5:20:03:df:08:44:18:a9:d5:89:81:a3:15:03:8c:
                    2a:d5:17:81:26:50:a7:20:c5:d8:d6:90:57:de:06:
                    18:c2:06:c4:2b:dd:04:9e:fa:9f:95:81:6b:34:f4:
                    e8:a4:aa:bb:09:6d:79:52:a7:3a:58:6f:21:f6:35:
                    df:9a:a1:74:93:d6:b6:2f:e0:e4:f5:1a:f9:d9:56:
                    0b:04:06:13:1c:3c:c5:af:0b:c5:40:37:48:50:c5:
                    2b:b8:c6:8e:cb:d0:76:ac:51:3d:8a:a6:ae:06:1c:
                    c1:ab:08:52:4d:3d:d6:c2:22:7a:1a:f6:69:4e:8b:
                    08:ff:20:e7:6f:10:ad:9d:77:3d:1c:2a:ad:53:56:
                    8c:d1:69:fa:e3:48:7a:8d:86:af:12:ad:68:7b:71:
                    ca:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:3D:38:20:08:11:B4:BC:AD:F0:5C:5A:B9:74:47:CC:20:98:D9:D3
            X509v3 Authority Key Identifier:
                keyid:1D:72:47:1E:02:5D:E3:A8:2A:8D:F5:8A:AE:6E:12:E3:1D:6C:D0:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HXJHHgJd46gqjfWKrm4S4x1s0FA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6ff7d7-1edd-43c2-86cf-be4b06c5c42f/1/fj04IAgRtLyt8FxauXRHzCCY2dM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6ff7d7-1edd-43c2-86cf-be4b06c5c42f/1/HXJHHgJd46gqjfWKrm4S4x1s0FA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.228.160.0/20
                IPv6:
                  2001:678:cb4::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:59:7a:c8:d4:c9:cd:16:89:9b:f1:9e:3a:4b:de:35:fd:d5:
         39:c7:3a:01:e9:b1:f0:2c:d2:c3:99:20:da:bd:7c:32:5b:3b:
         d7:50:bb:42:9c:7d:58:5d:30:2d:7d:33:a8:84:f7:02:10:84:
         d4:a8:cf:57:89:3f:4f:25:33:f9:9a:9d:22:99:1d:a4:ed:88:
         ba:c3:40:39:5b:12:a9:f7:df:8e:bd:8d:d4:7a:52:c2:10:35:
         4a:ee:bf:16:b7:bc:ec:7a:58:c8:44:b8:8a:71:12:42:19:22:
         9d:1a:e7:93:8d:d8:9b:26:ad:dd:04:95:49:b7:c9:29:6c:da:
         97:de:b2:15:2b:7c:db:3f:1e:39:ba:26:2b:51:38:44:ed:66:
         6d:d9:e3:79:17:00:9f:e1:5e:0f:01:32:ef:72:b7:f6:f5:26:
         75:8d:79:8c:85:cc:6e:f0:79:b4:e7:6e:47:a6:eb:68:9a:9b:
         cc:f0:c0:61:53:81:46:83:6f:02:19:a6:cd:f0:b0:01:3b:9f:
         dc:11:49:5a:7e:aa:b0:d0:80:76:fb:a0:bb:02:7c:5d:99:c3:
         1b:47:92:26:72:8a:84:00:f9:be:6c:3d:ed:28:fd:75:ac:42:
         bf:9f:c8:c2:d0:17:67:23:22:31:98:33:d0:ce:20:96:31:73:
         22:61:a4:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZfun/BnfLcRhhGsPdQBtzb6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNzI0NzFlMDI1ZGUzYTgyYThkZjU4YWFlNmUxMmUzMWQ2
Y2QwNTAwHhcNMjUwNzA5MDk1OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTNkMzgyMDA4MTFiNGJjYWRmMDVjNWFiOTc0NDdjYzIwOThkOWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqbsc2uifEhpGVPTdd5E2A9PXWD2
MUbQ6rGpGJrU0FW7JMKkaGxioa7C5ZN7AJqRabiovvLdU5qSxU7yxGRPICYfYSLn
vyEYC4oQuohE3jtXo/aw++Ry1ja+yAL9NqZBU36SdpyQyzHFIAPfCEQYqdWJgaMV
A4wq1ReBJlCnIMXY1pBX3gYYwgbEK90EnvqflYFrNPTopKq7CW15Uqc6WG8h9jXf
mqF0k9a2L+Dk9Rr52VYLBAYTHDzFrwvFQDdIUMUruMaOy9B2rFE9iqauBhzBqwhS
TT3WwiJ6GvZpTosI/yDnbxCtnXc9HCqtU1aM0Wn640h6jYavEq1oe3HKywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH49OCAIEbS8rfBcWrl0R8wgmNnTMB8GA1UdIwQY
MBaAFB1yRx4CXeOoKo31iq5uEuMdbNBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFhKSEhnSmQ0NmdxamZXS3JtNFM0eDFzMEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82ZmY3ZDctMWVkZC00M2MyLTg2Y2Yt
YmU0YjA2YzVjNDJmLzEvZmowNElBZ1J0THl0OEZ4YXVYUkh6Q0NZMmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82ZmY3ZDctMWVkZC00M2MyLTg2Y2YtYmU0YjA2YzVjNDJm
LzEvSFhKSEhnSmQ0NmdxamZXS3JtNFM0eDFzMEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQELuSgMA8E
AgACMAkDBwAgAQZ4DLQwDQYJKoZIhvcNAQELBQADggEBAGNZesjUyc0WiZvxnjpL
3jX91TnHOgHpsfAs0sOZINq9fDJbO9dQu0KcfVhdMC19M6iE9wIQhNSoz1eJP08l
M/manSKZHaTtiLrDQDlbEqn33469jdR6UsIQNUruvxa3vOx6WMhEuIpxEkIZIp0a
55ON2Jsmrd0ElUm3ySls2pfeshUrfNs/Hjm6JitROETtZm3Z43kXAJ/hXg8BMu9y
t/b1JnWNeYyFzG7webTnbkem62iam8zwwGFTgUaDbwIZps3wsAE7n9wRSVp+qrDQ
gHb7oLsCfF2ZwxtHkiZyioQA+b5sPe0o/XWsQr+fyMLQF2cjIjGYM9DOIJYxcyJh
pN4=
-----END CERTIFICATE-----